
ESET Threat Intelligence data feeds join the hunt with Microsoft Sentinel integration

Created: 2023-12-12 08:18:48

ESET Threat Intelligence data feeds set to increase visibility for users operating Microsoft Sentinel SIEM/SOAR platform.

BRATISLAVA — December 8, 2023 — ESET, a global leader in cybersecurity, today announced that its long-standing collaboration with Microsoft now includes the integration of ESET’s six threat intelligence data feeds with Microsoft Sentinel, a scalable, cloud-native solution providing security information and event management (SIEM) and security orchestration, automation, and response (SOAR) capabilities. ESET’s integration utilizes Microsoft Sentinel’s built-in TAXII client, helping security operations center (SOC) analysts in any organization hunt and investigate threats in their customers’ environments. This marks a new effort to extend the benefit of ESET’s unique data to organizations seeking to improve existing comprehensive threat intelligence solutions and rapid response capabilities.

The ESET data in question is built on the back of its renowned Malware and Threat Research pedigree, which benefits from unique telemetry fed from its substantial installed user base, among them regions underserved by most competitors. This unique value-add is best demonstrated by the many notable research pieces and exclusive detections, including GreyEnergy, BlackEnergy, Industroyer, NotPetya and many of the wiper malware discovered at the start of Russia’s invasion of Ukraine.

ESET’s data and its research cadre also regularly feature in large botnet takedowns and disruptions. These discoveries were pursued by more than 160 researchers and software engineers working in Core Research and Threat Detection at ESET.

The threat data feeds featured in this integration comprise only relevant, curated data that has already received in-house data evaluation, curation, sorting, scoring and processing. The data feeds include APT feed, malicious files feed, botnet feed, domain feed, URL feed and IP feed. The quality of the data is also reflected in the strong standing of #ESETResearch in the cybersecurity community and the contributions of its experts in partnership with MITRE ATT&CK, CISA, EUROPOL, FBI and a number of government entities.

With global concern intensely focused on threats emanating from Russia’s war in Ukraine and other hotspots, ESET prioritized rapid support for enterprises via its threat data, taking an agnostic approach to users’ chosen threat intelligence (TI) platforms. This acknowledges the diversity of software and technology stack choices. The integration also signals ESET’s path toward supporting seamless interaction between its data and internal tools and third-party SIEM and SOAR tools — starting with Microsoft Sentinel. This approach supports simplified workflows, reduces manual effort and enhances efficiency. The collaboration between the two companies also demonstrates a strong market position, with two industry leaders combining their strengths.

“Integrating with Microsoft Sentinel allows us to demonstrate focus on strengthening security now. With our security-first, customer-centric mindset front and center, the integration will allow ESET and Microsoft’s joint customers to immediately benefit from a more holistic view of their security posture by combining ESET’s real-time threat data with customers’ wider security operations,” said Trent Matchett, ESET Director of Global Strategic Accounts.

“This announcement is also a proof point for ESET’s journey towards utilization of industry standard APIs (TAXII 2.1 and STIX 2.1) to deliver Threat Intelligence products. With the Microsoft Sentinel integration, ESET further demonstrates the unique value-add we’ve brought to the cybersecurity community for more than 30 years. So, for SOC teams, CERTs, MSSPs or TIPs that come across this integration, they should know that ESET data is highly actionable, and with ESET’s storied low false positive rates, can have immediate impact when countering threats that ESET has unique detections for,” Matchett continued.

Microsoft Sentinel users can now benefit from unique, diverse, actionable feeds from ESET. They can enrich their TI in a very useful and valuable way, and significantly improve their security posture and prevent ransomware attacks, malware campaigns, etc. These benefits are built upon the strong foundations of ESET threat intelligence (data feed) and its endpoint protection products (ESET PROTECT), which collectively include:

  • Enhanced analysis
  • Cloud native deployment
  • Intelligence-driven data (highly curated)
  • Dedicated team of threat researchers tracking all major APT groups
  • Unique data sources
  • Deeper visibility
  • Protection from botnets, precursors to ransomware attack
  • Advanced context of IOCs
  • Early-stage detection and protection
  • Protection against threats with automated intelligence in real time

Find further information about the ESET threat data feed and integration with Microsoft Sentinel here. Additional detailed information about ESET Threat Intelligence, our API project and other related topics is available on our corporate website, or make a direct inquiry

About ESET
ESET develops software solutions that deliver instant, comprehensive protection against evolving computer security threats. ESET pioneered and continues to lead the industry in proactive threat detection. ESET NOD32 Antivirus, its flagship product, consistently achieves the highest accolades in all types of comparative testing and is the foundational product that builds out the ESET product line to include ESET Smart Security. ESET Smart Security is an integrated antivirus, antispyware, antispam and personal firewall solution that combines accuracy, speed and an extremely small system footprint to create the most effective security solution in the industry. Both products have an extremely efficient code base that eliminates the unnecessarily large size found in some solutions. This means faster scanning that doesn’t slow down computers or networks. Sold in more than 160 countries, ESET has worldwide production headquarters in Bratislava, SK and worldwide distribution headquarters in San Diego, U.S. ESET also has offices in Bristol, U.K.; Buenos Aires, AR; Prague, CZ; and is globally represented by an extensive partner network. For more information, visit our local office at https://eset.version-2.sg.

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The Company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which includes Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities. For more information, please visit https://www.version-2.com.sg/ or call (65) 6296-4268.
